AOH :: ISNQ5617.HTM

NARA admits violating internal policy on personal info




NARA admits violating internal policy on personal info
NARA admits violating internal policy on personal info



http://fcw.com/articles/2009/11/06/web-nara-it-security-problems.aspx 

By Ben Bain
FCW.com
Nov 06, 2009

The National Archives and Records Administration violated its 
information security policies by returning failed hard drives from 
systems containing personally identifiable information of current 
government employees and military veterans back to vendors. By agency 
policy, NARA is supposed to destroy the hard drives rather than return 
them, according to a top NARA official.

However, the agency believes there was no disclosure of personally 
identifiable information despite the violations of its own policy, said 
NARA's then-acting archivist Adrienne Thomas.

Thomas told the House Oversight and Government Reform Committee's 
Information Policy, Census and the National Archives Subcommittee Nov. 5 
that on two separate occasions the agency sent defective disk drives 
back to vendors under a maintenance contract, rather than destroying and 
disposing of them in-house.

[...]


________________________________________ 
Did a friend send you this? From now on, be the 
first to find out! Subscribe to InfoSec News 
http://www.infosecnews.org 

Site design & layout copyright © 1986-2014 CodeGods